Question No: 11 – (Topic 0)

A developer is creating a web service endpoint using a stateless session EJB for the business logic of an application. Which two methods can be used to apply role-based access control to the business logic? (Choose two)

Using method-permission element in ejb-jar.xml

Using .htaccess file in the application's ear

Using <security-role> element in web.xml

By specifying security annotations like @RolesAllowed in the EJB class

Answer: A,D

Question No: 12 – (Topic 0)

Which of the following security technologies is not covered in the Metro project? (Choose one.)

WS-Trust

WS-SecurityPolicy

WS-SecureConversation

XACML

Answer: D

Question No: 13 – (Topic 0)

A Web service needs to encrypt certain SOAP headers when responding. Which statement about this encryption is true?

The Web service runtime is the appropriate place for such encryption.

The Web service business logic is the appropriate place for such encryption.

Either the Web service business logic or runtime is appropriate for such encryption.

Neither the Web service business logic nor runtime is appropriate for such encryption.

Transport level security protocol like SSL should be used to meet the requirements without code changes.

Answer: A

Question No: 14 – (Topic 0)

An automobile manufacturer publishes a Web service for use by their suppliers. The manufacturer has stringent security requirements that require suppliers to verify their identity. Data integrity and confidentiality must be maintained between the client and the server. Which two meet all of these requirements? (Choose two.)

X.509 and XKMS

XACML and XKMS

SSL and mutual authentication

XML Encryption and XML Digital Signature

Private network and XML Signature

Answer: C,D

Question No: 15 – (Topic 0)

Which two statements are true about public key digital signatures applied to Web services? (Choose two)

The receiver verifies that the message matches the digital signature using its own private key.

The sender creates a digital signature using its own private key and sends that signature along with the original document.

The sender creates a digital signature using its own public key and sends that signature along with the original document.

The receiver verifies that the message matches the digital signature using the sender's public key.

Answer: B,D

Question No: 16 – (Topic 0)

Which of the following WS-Security token profiles is not supported in Metro?

X509 Token Profile

Kerberos Token Profile

SAML Token Profile

SOAP with Attachments (SWA) profile

Right Expression Language (REL) Token Profile

Answer: E

Question No: 17 – (Topic 0)

Which security technologies are not included in WS-Security?

encryption

handshake for credential exchange and session establishment

security tokens

digital signatures

Answer: B

Question No: 18 – (Topic 0)

An automobile manufacturer publishes a Web service for use by their suppliers. The manufacturer has stringent security requirements that require suppliers to verify their identity. Data integrity and confidentiality must be maintained between the client and the server. Which two technologies can be used to meet the requirements? (Choose two)

XACML and XKMS

SSL with mutual authentication

Message level security with WS-Security

Private network and XML Signature

Answer: B,C

Question No: 19 – (Topic 0)

In designing the security for your enterprise application with multiple Web services, you don't want each of the services to handle user authentication by itself. Which of the following can you use in your design?

enable secure conversation for each service

a centralized Policy Decision Point (PDP) via XACML

a Security Token Service (STS)

use transport level security with SSL

Answer: C

Question No: 20 – (Topic 0)

A developer wants to use WebServiceContext in the web service endpoint. Which of the following is the correct way to get the WebServiceContext object? (Choose one)